How do I install Ares?

Ares is a local plugin. Install it using the provided package and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Ares scored 5.2/10 (moderate risk) in MCP Marketplace's automated security scan. It has 6 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Ares need?

Ares requires the following credentials or environment variables: ARES_PROVENANCE_PRIVATE_KEY, ARES_PROVENANCE_KEY_ID, ARES_BASE_URL. You can find setup instructions on the server detail page.

What AI apps work with Ares?

Ares uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Ares MCP Server

by Milos106

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP for ARES, the Czech business registry: lookup, due diligence, insolvency, signed provenance

About

MCP for ARES, the Czech business registry: lookup, due diligence, insolvency, signed provenance

Security Report

5.2

Moderate5.2Moderate Risk

ARES MCP is a well-structured, security-conscious server for Czech business registry lookups. Authentication is not required (upstream data is public), and the server implements rate-limiting, input validation, timeout protection, and optional cryptographic provenance signing. Permissions align with purpose: network access for ARES API calls, environment variables for configuration, and no shell/filesystem access. Minor code quality observations exist but do not affect core security. Supply chain analysis found 9 known vulnerabilities in dependencies (2 critical, 4 high severity).

5 files analyzed · 13 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

process_spawn

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Optional Ed25519 private key (base64 PKCS#8 DER) to enable signed provenance envelopes. Omit to run unsigned.Required

Environment variable: ARES_PROVENANCE_PRIVATE_KEY

Optional key id advertised in signed envelopes and the JWKS. Defaults to a thumbprint of the public key.Optional

Environment variable: ARES_PROVENANCE_KEY_ID

Optional override of the ARES REST base URL (defaults to the public ares.gov.cz endpoint).Optional

Environment variable: ARES_BASE_URL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-milos106-ares-mcp": {
      "env": {
        "ARES_BASE_URL": "your-ares-base-url-here",
        "ARES_PROVENANCE_KEY_ID": "your-ares-provenance-key-id-here",
        "ARES_PROVENANCE_PRIVATE_KEY": "your-ares-provenance-private-key-here"
      },
      "args": [
        "-y",
        "ares-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

ares-mcp

MCP server for ARES — the Czech business registry. Validate IČO/DIČ, look up companies, statutory bodies, trade licenses and addresses directly from Claude Desktop, Claude Code, Cursor and any other MCP-compatible client.

Open-source (MIT), self-hosted. Runs against the public ARES API — your queries never leave your machine. Optionally emits Ed25519-signed, sourced answers so anyone can verify their integrity and origin offline.

Hosted version: icovazby.cz — full web company-checks across 10+ Czech registers (ARES, Public Register, trade licenses, insolvency, sanctions, …).

ARES (Administrativní registr ekonomických subjektů) is the official public registry of Czech businesses, operated by the Czech Ministry of Finance (MFČR). This project is an independent, community-built MCP server that calls the public ARES REST API.

Not affiliated with the Czech Ministry of Finance. This project is not affiliated with, endorsed by, or sponsored by MFČR or the ARES operator. "ARES" refers to the public information system; this MCP server is third-party software.

Free, MIT-licensed code. No API key required (ARES is a public API).
14 stable tools covering the full due-diligence + invoicing workflow: validation, lookup, structured search, search-by-address (virtual-office detection), statutory bodies, trade licenses, VAT check, address standardization, NACE lookup, RES statistical classification (size bracket, ESA 2010 sector), insolvency check, cross-company person graph with Mermaid + optional historical mode for nominee detection, a one-shot ares_full_due_diligence macro with 🟢🟡🔴 risk flag, and an export adapter that emits Fakturoid / iDoklad / Pohoda payloads ready to POST.
Two transports. Stdio (default) for local AI clients, Streamable HTTP (/mcp) for remote / web deployment.
Verifiable provenance (optional). With a signing key set, the due-diligence, statutory-bodies and insolvency tools return a signed envelope where every fact carries its registry source + date; verify it offline against the published JWKS. A technical integrity & origin proof — not a qualified e-signature or an official extract.
Defensive by design. Rate-limit aware (token bucket + exponential backoff with Retry-After), per-IP request throttling on the HTTP variant, structured errors, no PII stored or logged by default.

Setup

Install from source (an npm package is planned). Clone, build once, then point your MCP client at dist/index.js.

git clone git@github.com:milos106/ares-mcp.git
cd ares-mcp
npm install
npm run build
npm test

Then use the absolute path of dist/index.js in your client config.

Claude Desktop

Edit your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ares": {
      "command": "node",
      "args": ["/absolute/path/to/ares-mcp/dist/index.js"]
    }
  }
}

Restart Claude Desktop.

Claude Code

claude mcp add ares -- node /absolute/path/to/ares-mcp/dist/index.js

Cursor

In Cursor settings → MCP servers:

{
  "ares": {
    "command": "node",
    "args": ["/absolute/path/to/ares-mcp/dist/index.js"]
  }
}

Get ready-to-paste client config

After npm run build, this prints absolute-path config blocks for Claude Desktop, Cursor, Claude Code, and the local HTTP transport:

npm run config

Copy the JSON block straight into your client's MCP config — no path editing needed.

Try it interactively with MCP Inspector

npm run inspector

(Equivalent to npx @modelcontextprotocol/inspector node dist/index.js.)

Opens a browser UI at http://localhost:6274 where you can list tools, fill arguments, and run them against live ARES — no client configuration needed.

Run as a local HTTP service

A second entry point exposes the same tools over MCP Streamable HTTP. Useful when sharing one running instance across multiple local clients.

PORT=3030 npm run start:http

Endpoints:

POST /mcp — Streamable HTTP transport (JSON-RPC over HTTP / SSE)
GET /healthz — liveness + session count

Configuration via environment variables:

Variable	Default	Description
`PORT`	`3030`	Listen port
`ARES_HTTP_RATE_LIMIT`	`60`	Per-IP requests per minute (token bucket)
`ARES_HTTP_MAX_BODY`	`1000000`	Max request body bytes
`ARES_HTTP_SESSION_TTL_MS`	`3600000`	Idle session timeout
`ARES_HTTP_ALLOW_ORIGIN`	(unset)	If set, sent as `Access-Control-Allow-Origin` (e.g. `*` or `https://example.com`)

There is no built-in authentication — bind it to 127.0.0.1 only or put a reverse proxy in front if you ever need to expose it.

Tools

Tool	Purpose
`ares_validate_ico`	Mod-11 checksum validation. No network call.
`ares_lookup_company`	Aggregated company profile by IČO.
`ares_search_companies`	Structured search by name, postcode, NACE, legal form.
`ares_get_statutory_bodies`	Directors, board, partners (from VR).
`ares_get_trade_licenses`	Trade licenses (from RŽP).
`ares_check_vat_payer`	VAT-payer status with optional DIČ cross-check.
`ares_standardize_address`	Canonicalize a free-form address via RÚIAN.
`ares_lookup_cz_nace`	CZ-NACE classification lookup.
`ares_cross_company_persons`	Given 2–50 IČOs, find persons who hold active statutory roles in two or more of them. Returns JSON + Mermaid graph.
`ares_search_by_address`	Find all entities at a given address. Flags virtual offices / shell-address concentrations.
`ares_get_res_classification`	Statistical classification from RES — size bracket, ESA 2010 sector, NUTS region.
`ares_check_insolvenci`	Fast red-flag: is the entity currently in insolvency proceedings (IR) or marked as bankrupt (CEÚ)?
`ares_full_due_diligence`	One-shot DD report — profile + statutary + licenses + VAT + insolvency + 🟢🟡🔴 risk flag + Markdown summary.
`ares_export_for_invoicing`	Transform an ARES profile into a Fakturoid / iDoklad / Pohoda payload ready for invoicing systems. Pure transformation — no calls to the target system.

Example prompts

"Validate IČO 27074358 and tell me if it's a VAT payer and which region it's based in."

"Find Czech IT companies (CZ-NACE 620) registered in Prague."

"Who are the statutory directors of IČO 26168685? When were they appointed?"

"Standardize this address: 'Za prachárnou 4962/45, Jihlava'."

"Look up the CZ-NACE code for software development."

"I have IČOs 26185610, 46967851, 46900411, 27435148. Are any people on the boards of more than one? Draw it."

"Run a full due-diligence check on IČO 45193258 before I sign anything."

The DD prompt calls ares_full_due_diligence and returns a complete risk-flagged report. Real example (Liberty Ostrava a.s., captured 2026-06-07):

# Due diligence: Liberty Ostrava a.s.

Risk level: 🔴 RED

Findings:
- 🚨 Active insolvency or bankruptcy on record.

## Identification
- IČO: `45193258`
- DIČ: `CZ45193258` (VAT payer: yes)
- Legal form: 121
- Founded: 1992-01-22
- Registered seat: Vratimovská 689/117, Kunčice, 71900 Ostrava

## Governance
- Active statutary members: 3

## Insolvency
- Insolvenční rejstřík: ACTIVE
- Centrální evidence úpadců: NONE
- Currently insolvent.

The same prompt on a healthy company (AGROFERT IČO 26185610) yields 🟢 GREEN with 12 active statutary members and no findings.

The last prompt uses ares_cross_company_persons. The tool returns a Mermaid graph that Claude Desktop, Claude Code, and Cursor will render inline. On the Agrofert holding example above, the tool reports that Michal Jedlička sits on three of the four boards and Jaroslav Kurčík on two — a classic holding-group fingerprint.

A note on person→companies search

ARES's public REST v3 API does not expose a search-by-person endpoint (the AngazovanaOsobaFiltr schema is defined but unused). ares_cross_company_persons therefore operates over a known set of IČOs that you provide — it does not enumerate the registry. Full reverse lookup ("which companies has Jan Novák ever sat on?") requires a mirrored graph database and is out of scope for this MIT-licensed server.

Real example — the Agrofert holding

Run ares_cross_company_persons with four IČOs from the Agrofert group (AGROFERT itself + three subsidiaries) and the tool returns the full board overlap. Captured from a live ARES call on 2026-06-07:

zpracovanoIco: 4
totalActivePersons: 29
sharedCount: 3

  • Ing. MICHAL JEDLIČKA (1978-01-06)
       AGROFERT, a.s.            — člen představenstva
       Kostelecké uzeniny a.s.   — předseda představenstva
       Vodňanské kuře, s.r.o.    — Jednatel

  • Ing. JAROSLAV KURČÍK (1969-08-24)
       AGROFERT, a.s.            — člen představenstva
       PENAM, a.s.               — předseda představenstva

  • AGROFERT, a.s. (právnická osoba, IČO 26185610)
       PENAM, a.s.               — člen představenstva
       Kostelecké uzeniny a.s.   — člen představenstva

Rendered as Mermaid (Claude Desktop / Claude Code / Cursor render this inline):

graph LR
  C_26185610["AGROFERT, a.s.<br/>26185610"]:::company
  C_46967851["PENAM, a.s.<br/>46967851"]:::company
  C_46900411["Kostelecké uzeniny a.s.<br/>46900411"]:::company
  C_27435148["Vodňanské kuře, s.r.o.<br/>27435148"]:::company
  P_0(["Ing. MICHAL JEDLIČKA"]):::person
  P_0 ---|"člen představenstva"| C_26185610
  P_0 ---|"předseda představenstva"| C_46900411
  P_0 ---|"Jednatel"| C_27435148
  P_1(["Ing. JAROSLAV KURČÍK"]):::person
  P_1 ---|"člen představenstva"| C_26185610
  P_1 ---|"předseda představenstva"| C_46967851
  P_2["AGROFERT, a.s. (IČO 26185610)"]:::legal
  P_2 ---|"člen představenstva"| C_46967851
  P_2 ---|"člen představenstva"| C_46900411
  classDef company fill:#e0f7fa,stroke:#006064,stroke-width:2px;
  classDef person fill:#fff3e0,stroke:#bf360c,stroke-width:2px;
  classDef legal fill:#f3e5f5,stroke:#4a148c,stroke-width:2px;

The third connection — AGROFERT a.s. itself listed as a corporate director in two of its subsidiaries — is a real holding-company pattern that flat per-company listings miss but the graph helper surfaces automatically.

Configuration

The server reads optional environment variables:

Variable	Default	Description
`ARES_BASE_URL`	`https://ares.gov.cz/ekonomicke-subjekty-v-be/rest`	API base URL
`ARES_RATE_PER_SECOND`	`5`	Token-bucket budget. MFČR documents a ceiling of 500 req/min (~8 req/s); we default to 5 for headroom. Do not exceed 8.
`ARES_TIMEOUT_MS`	`15000`	Per-request timeout
`ARES_RETRIES`	`3`	Retry budget (on top of the initial attempt) for retriable errors

Error handling

Errors are returned as a JSON payload inside the tool result (with isError: true) so the agent can reason about them. Codes:

Code	When
`NOT_FOUND`	The IČO or resource does not exist in ARES.
`INVALID_INPUT`	The input failed validation (e.g. IČO checksum, missing search filter).
`RATE_LIMITED`	ARES returned 429 and retries were exhausted.
`UPSTREAM_ERROR`	ARES returned 5xx.
`NETWORK_ERROR`	The request timed out or could not be sent.

Data attribution & license

ARES data is published by the Czech Ministry of Finance as open data under the Creative Commons Attribution 4.0 (CC BY 4.0) license. When using output from these tools in your own products, content, or analysis, you must attribute the source.

Suggested attribution string:

Source: ARES — Administrativní registr ekonomických subjektů, © Ministerstvo financí ČR, https://ares.gov.cz/, licensed under CC BY 4.0.

Each tool result includes an _attribution field with the full citation block for convenience.

The code of this MCP server is licensed under the MIT license (see LICENSE); the upstream data license (CC BY 4.0) is independent of and unaffected by this code license.

Acceptable use of the ARES API

The MFČR publishes operational rules for the ARES public API. Using this MCP server does not exempt you from those rules — your client must respect them. Summary:

Max 500 requests per minute per user. Above that, MFČR reserves the right to block access.
Do not run repeated malformed queries.
Do not maintain excessive concurrent automated queries.
Do not circumvent rate limits using multiple IP addresses.
Do not perform random database crawling (e.g. mass IČO enumeration).
Do not probe security boundaries.

This server enforces a default budget of 5 req/s (300/min) and exponential backoff. You are responsible for staying inside the MFČR limits in aggregate, especially if you run multiple instances.

Full operating conditions: wwwinfo.mfcr.cz/ares/ares_podminky.html.cz.

Disclaimers

Data is public, not authoritative for legal proceedings. All information from ARES is, per MFČR, "pouze informativního charakteru" (informational only). For court use, obtain an official extract from the Public Register at justice.cz.
VAT-payer status from ARES is up to 24h delayed. The authoritative source is the MFČR VAT registry at adisspr.mfcr.cz. A future Premium tier may add a direct MFČR check.
GDPR. ARES contains personal data of statutory representatives (names, dates of birth). Publication of this data rests on the public-task lawful basis (Article 6(1)(e) GDPR) for MFČR. If you process this data downstream — including by passing it to your own LLM, storing it, or showing it to end-users — you are the controller and must comply with GDPR yourself. This server does not log requests or store responses by default.

Roadmap

v0.x (current): 8 free MVP tools, MIT-licensed, npm-distributed.
Premium tier (planned): ares_subscribe_changes, ares_bulk_lookup, ares_due_diligence_report, ares_export_to_invoice_systems.

Contributing

Bug reports and PRs welcome. Run:

npm run lint
npm run typecheck
npm test

before submitting.

License

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Ares MCP Server

About

Security Report

Findings (13)Action required

Permissions Required

What You'll Need

How to Install

Documentation

ares-mcp

Setup

Claude Desktop

Claude Code

Cursor

Get ready-to-paste client config

Try it interactively with MCP Inspector

Run as a local HTTP service

Tools

Example prompts

A note on person→companies search

Real example — the Agrofert holding

Configuration

Error handling

Data attribution & license

Acceptable use of the ARES API

Disclaimers

Roadmap

Contributing

Links

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent